Re: lastfm 1.5.1.31879.dfsg-1+lenny1 stable update
On Tuesday, November 16, 2010 02:19:12 pm Moritz Muehlenhoff wrote:
> In gmane.linux.debian.devel.release, you wrote:
> >
> > On Mon, Oct 4, 2010 at 14:26:26 -0700, John Stamp wrote:
> >> Hello,
> >>
> >> Bug#598294: lastfm: CVE-2010-3362: insecure library loading also
> >> affects the version in stable. I notified the security team, but
> >> Moritz told me that this does not warrant a DSA. He suggested
> >> that I instead get this fixed through a stable point update.
> >>
> >> The proposed diff is below:
> >>
> >> diff --git a/debian/changelog b/debian/changelog
> >> index 857c175..dce2413 100644
> >> --- a/debian/changelog
> >> +++ b/debian/changelog
> >> @@ -1,3 +1,9 @@
> >> +lastfm (1:1.5.1.31879.dfsg-1+lenny1) stable-security;
> >> urgency=3Dhigh +
> >> + * Fix CVE-2010-3362: insecure library loading
> >> +
> >> + -- John Stamp <jstamp@users.sourceforge.net> Thu, 30 Sep 2010
> >> 15:39:42=
> >>
> > -0700
> >
> >> +
> >>
> >> lastfm (1:1.5.1.31879.dfsg-1) unstable; urgency=3Dlow
> >>
> >> =20
> >>
> >> * New upstream.
> >>
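Review bot: the new debian/changelog entry targets stable-security, but the cover text says this is going in as a stable point update rather than a DSA, so the distribution field should read stable. The entry would also be more useful if it said what changed (debian/lastfm.sh no longer leaves an empty element in LD_LIBRARY_PATH when the variable is unset) and closed the bug with Closes: #598294.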
> >> diff --git a/debian/lastfm.sh b/debian/lastfm.sh
> >> index 34a2487..aef3654 100644
> >> --- a/debian/lastfm.sh
> >> +++ b/debian/lastfm.sh
> >> @@ -1,5 +1,5 @@
> >>
> >> #!/bin/sh
> >>
> >> =20
> >>
> >> RUNDIR=3D"/usr/lib/lastfm"
> >>
> >> -export LD_LIBRARY_PATH=3D"${RUNDIR}:${LD_LIBRARY_PATH}"
> >> +export
> >> LD_LIBRARY_PATH=3D"${RUNDIR}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
> >> "
> >>
> >> exec "${RUNDIR}/last.fm" "$@"
> >>
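Review bot: the added export in debian/lastfm.sh is wrapped here so that the closing quote sits on its own line; applied literally, that would put a newline inside the value of LD_LIBRARY_PATH, so confirm the uploaded script has the assignment on a single line. The ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} expansion itself is right for the unset and empty cases (no trailing colon, so no empty search-path entry that the loader reads as the current directory). A one-line comment above the export saying why the plain ${RUNDIR}:${LD_LIBRARY_PATH} form is avoided would keep it from being simplified back later.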
> >> Is this OK to upload?
> >>
> > The changelog should say 'stable' rather than 'stable-security'.
> > Other than this, please go ahead.
>
> John,
> did you see the mail? You haven't uploaded a spu update yet.
>
> Cheers,
> Moritz
No I didn't, but that was my fault. It's now uploaded.
Regards,
John